What is the CVSS score of CVE-2025-11791?

CVE-2025-11791 has a CVSS 3.1 base score of 7.1 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Windows are affected by CVE-2025-11791?

CVE-2025-11791 affects Acronis Cyber Protect backup solutions, allowing attackers to access sensitive information and potentially manipulate protected data due to inadequate authorization checks.

How to fix or mitigate CVE-2025-11791?

Within 24 hours: Inventory all Acronis Cyber Protect installations and identify systems running affected builds (17 before 41186 or Cloud Agent before 41124). Within 7 days: Restrict administrative access to Acronis consoles, implement network segmentation to limit agent communication, and monitor access logs for unauthorized activity. Within 30 days: Apply vendor patches immediately upon availability and conduct audit of backup data access logs for signs of compromise.

Windows CVE-2025-11791

HIGH

Missing Authorization (CWE-862)

2026-03-06 security@acronis.com

Windows Authentication Bypass Information Disclosure macOS Agent Cyber Protect

7.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

CVE Published

Mar 06, 2026 - 00:16 nvd

HIGH 7.1

DescriptionNVD

Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124.

AnalysisAI

Technical ContextAI

Classified as CWE-862 (Missing Authorization). Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124.

RemediationAI

Monitor vendor advisories for a patch.

CVE-2025-11791 vulnerability details – vuln.today

Back